Revert "s3-winbindd: make sure we obey the -n switch also for samlogon cache access."

This reverts commit ae6a779bf9f816680e724ede37324b7f5355996b.

Bug 9125 analysis from Volker:

The problem is that there are no network calls possible at all that
would do what the samlogon cache does for us. There is just no way to
retrieve the group membership in a complex trusted environment. If you
have just a single domain with Samba as domain controller it might be
possible, but even within a single domain it is not possible to
correctly retrieve all group memberships using LDAP calls due to ACLs on
directory objects. The call to get that is called NetSamLogon on the
NETLOGON pipe. But this call requires user credentials and might trigger
updating counts on the server. So to correctly implement wbinfo -r after
a user has logged in, you have two alternatives: Save the info3 struct
or the PAC in the netsamlogon cache. If you insist on doing network
calls, you need to cache the user credentials somewhere to re-do the
NetSamLogon call every time the wbinfo -r is requested.

Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 628fd1c3f2790c7902b0e8651240c6779a1ce921..921d4086a11d12d13ced86228871e731ea045fa6 100644 (file)
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -503,7 +503,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
 
        /* try netsamlogon cache first */
 
-       if (winbindd_use_cache() && (user = netsamlogon_cache_get( mem_ctx, sid )) != NULL )
+       if ( (user = netsamlogon_cache_get( mem_ctx, sid )) != NULL )
        {
                DEBUG(5,("query_user: Cache lookup succeeded for %s\n", 
                         sid_string_dbg(sid)));

diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index c79d3b6dc116e02290d6229dba8e896fa6b8a600..517a3028ff8b1e44a5e5a80d48f3be4b2db366c5 100644 (file)
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -1302,10 +1302,6 @@ NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
        uint32 rid;
        fstring tmp;
 
-       if (!winbindd_use_cache()) {
-               return NT_STATUS_OBJECT_NAME_NOT_FOUND;
-       }
-
        if (!cache->tdb) {
                return NT_STATUS_INTERNAL_DB_ERROR;
        }

diff --git a/source3/winbindd/winbindd_creds.c b/source3/winbindd/winbindd_creds.c
index a160f7a6b5bb3080759a126d058d82448bc9dc8f..6bbd0ffd9d134bd7dc6206d6d3bea2d97ad13a13 100644 (file)
--- a/source3/winbindd/winbindd_creds.c
+++ b/source3/winbindd/winbindd_creds.c
@@ -38,10 +38,6 @@ NTSTATUS winbindd_get_creds(struct winbindd_domain *domain,
        struct netr_SamInfo3 *info;
        NTSTATUS status;
 
-       if (!winbindd_use_cache()) {
-               return NT_STATUS_OBJECT_NAME_NOT_FOUND;
-       }
-
        status = wcache_get_creds(domain, mem_ctx, sid, cached_nt_pass, cred_salt);
        if (!NT_STATUS_IS_OK(status)) {
                return status;

diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
index 455de3d54c3b9be5250e126a3690ef9f7dab4f86..39186f882574dc7306bbee0549ea515f7037ad37 100644 (file)
--- a/source3/winbindd/winbindd_msrpc.c
+++ b/source3/winbindd/winbindd_msrpc.c
@@ -407,7 +407,7 @@ static NTSTATUS msrpc_query_user(struct winbindd_domain *domain,
 {
        struct rpc_pipe_client *samr_pipe;
        struct policy_handle dom_pol;
-       struct netr_SamInfo3 *user = NULL;
+       struct netr_SamInfo3 *user;
        TALLOC_CTX *tmp_ctx;
        NTSTATUS status;
 
@@ -425,9 +425,7 @@ static NTSTATUS msrpc_query_user(struct winbindd_domain *domain,
        }
 
        /* try netsamlogon cache first */
-       if (winbindd_use_cache()) {
-               user = netsamlogon_cache_get(tmp_ctx, user_sid);
-       }
+       user = netsamlogon_cache_get(tmp_ctx, user_sid);
        if (user != NULL) {
                DEBUG(5,("msrpc_query_user: Cache lookup succeeded for %s\n",
                        sid_string_dbg(user_sid)));